Basic knowledge of client penetration attack - penetration test simulation environment (8)

A client-side exploit attack is one in which the attacker constructs malformed data and sends it to the target host. When the user processes this data with a vulnerable client application, an error occurs in the program's internal processing flow and the malicious code embedded in the data is executed, resulting in penetration and intrusion. This type of attack targets application software that runs on the client side, most commonly popular applications such as browsers and Office. Such attacks pose a huge threat: because users' security awareness is uneven and e-commerce is developing rapidly, client penetration attacks that directly target users' personal hosts are increasingly favored by attackers.

Characteristics of Client Penetration Attacks

In the Internet architecture, end systems are interconnected to form the Internet, and each runs a variety of application software to provide services to users. Each end system can be both a service provider and a service consumer. A service provider opens a designated port and waits for users to connect and request the corresponding service. Application software therefore generally follows a client/server (C/S) mode, a browser/server (B/S) mode, or a pure client mode. The software that ordinary users run on their hosts is, most of the time, on the client side of these modes: it actively accesses remote servers over the Internet and receives and processes the data they return.
Client penetration refers to penetration attacks on this client application software. For a browser/server mode attack, take the commonly used IE browser as an example: the attacker sends the user a link that points to a malicious webpage on a server. Malicious code in the , leading to the attack.

For pure client mode attacks, take Adobe and Office as examples: the attacker uses social engineering to find personal information such as the target user's mailbox and instant messaging account, and then sends the user a malicious document. When the user opens the document, a security vulnerability is triggered and the malicious code in it runs, resulting in an attack. Client-side penetration attacks therefore differ significantly from the server-side penetration attacks described in the previous chapter: the malicious data the attacker sends to the user's host does not directly cause a service process in the user's system to overflow, but is required


Origin blog.csdn.net/luozhonghua2014/article/details/130980746